[Typo3-announce] Security Bulletin TYPO3-20050812-1
Karsten Dambekalns
karsten at typo3.org
Fri Aug 12 18:16:55 CEST 2005
Component Type: Extension
Affected Component: cc_awstats (and possibly others)
Version: 0.9.0 and earlier
Vulnerability Type: Remote Exploit
Severity: Medium
Problem Description:
Remote exploitation of an input validation vulnerability in AWStats allows
remote attackers to execute arbitrary commands. Successful exploitation
results in the execution of arbitrary commands with permissions of the web
service. This may compromise systems using extensions providing AWStats.
Exploitation will not occur until the stats page has been regenerated with the
tainted referrer values from the http access log. Note that AWStats is only
vulnerable in situations where at least one URLPlugin is enabled.
The extension author's opinion is that under normal circumstances the extension is
not affected by these security issues. For more information, see the section
"security" of the extension manual.
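The bulletin describes tainted referrer values in the HTTP access log being picked up when the statistics page is regenerated. As an added defensive example (not part of this bulletin or of AWStats), the following scans an Apache "combined" format access log and flags referrers that carry shell metacharacters, so an administrator can review a log before feeding it to a report generator. The log lines are constructed, and the metacharacter heuristic is an assumption, not the exact trigger of the AWStats issue.

```python
import re
from typing import Dict, List, Optional, Tuple

# Apache/nginx "combined" log format; the referrer is the second-to-last quoted field.
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Characters that have no place in a legitimate referrer URL but that a
# command interpreter would treat specially if a report generator with an
# input validation flaw passed the value through unescaped (heuristic).
SHELL_META = re.compile(r'[;|`$&<>\\\r\n]')

# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Aug/2005:10:00:01 +0200] "GET /index.php HTTP/1.1" 200 5123 '
    '"http://www.example.org/start" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Aug/2005:10:00:02 +0200] "GET /style.css HTTP/1.1" 200 812 '
    '"-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Aug/2005:10:00:03 +0200] "GET /index.php HTTP/1.1" 200 5123 '
    '"http://bad.example/x|y;z" "curl/7.12"',
    '198.51.100.9 - - [12/Aug/2005:10:00:04 +0200] "GET /index.php HTTP/1.1" 200 5123 '
    '"http://bad.example/`x`" "curl/7.12"',
]


def parse_combined(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into its named fields, or None if malformed."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def suspicious_referrers(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, referrer) for every entry whose referrer holds shell metacharacters."""
    hits: List[Tuple[int, str]] = []
    for number, line in enumerate(lines, start=1):
        entry = parse_combined(line)
        if entry is None:
            continue  # unparseable line: not silently trusted, but out of scope here
        referer = entry["referer"]
        if referer != "-" and SHELL_META.search(referer):
            hits.append((number, referer))
    return hits


if __name__ == "__main__":
    for number, referer in suspicious_referrers(SAMPLE_LOG):
        print(f"line {number}: suspicious referrer {referer!r}")
```

Run against a real log with `suspicious_referrers(open("/var/log/apache2/access.log").readlines())`; flagged entries deserve a look before the statistics are regenerated.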
Solution:
An updated version (0.10.0) of the extension can be found on
http://typo3.org/extensions/repository/list/cc_awstats/
or via the Extension Manager. All users of this extension are advised to
update it immediately.
References:
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=true
Other possibly affected extensions:
There are two further extensions shipping (outdated) versions of AWStats,
namely Individual AW Stats (ind_cc_awstats) and Galileo Awstats
(galileo_awstats). The latter is considered to pose a high risk! The authors
of the mentioned extensions have been contacted by the TYPO3 security team.
Credits:
Thanks to Jochen Weiland for notifying us and to René Fritz for investigating
the issue and immediately updating the extension.
--
Karsten Dambekalns
TYPO3 Security Team